CVE-2015-1946

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 8.5 before 8.5.5.6 IBM WebSphere Virtual Enterprise version 7.0 before 7.0.0.6 for WebSphere Application Server 7.0 and 8.0

Description The issue is related to improper implementation of user roles and access control restrictions in certain functions, allowing local users to gain privileges. This is due to errors in configuration rules for access control.

Recommendations For IBM WebSphere Application Server versions 8.5 before 8.5.5.6, update to version 8.5.5.6 or later to resolve the issue. For IBM WebSphere Virtual Enterprise version 7.0 before 7.0.0.6 for WebSphere Application Server 7.0 and 8.0, update to version 7.0.0.6 or later to resolve the issue.